Here you can get knowledge regarding the configuration and installation of IT infrastructure.

Monday, April 15, 2013

How to configure Security Analysis Server 2003

Security Configuration and Analysis MMC

With Windows Server 2003, you can create a new MMC that enables
Security Analysis functionality. Before we begin, we should ensure you
understand what an MMC is. The MMC (Microsoft Management Console)
should be something you are familiar with, as it was introduced way back
in Windows NT - with older versions of IIS. Since then, Windows 2000
and 2003 have been utilizing this console for just about every service
available within Windows. You can make a new console by going to the
Run dialog box in the Start menu and typing: mmc
This will open a new console. You can also open it in author mode by adding /a to the command (mmc /a). You can see this in Figure 1.

Figure 1

In figure 2, you can see that the new MMC has been opened and is ready for you to populate.

Figure 2

Once you have the MMC open, you only need to add the Security
Configuration and Analysis tool. Before we do, let's go over it briefly.

Security Configuration and Analysis Snap in

Now you can set up Security Configuration and Analysis in the
Microsoft Management Console (MMC) to analyze and to configure security
on a computer that is running Windows Server 2003. Security
Configuration and Analysis compares the current security
configuration with a security configuration that is stored in a
database. To break this down into simple terms:

Run the tool

It checks your settings against a template in its database

It reports to you where you have weaknesses

You fix them

Run the tool again to check

Simple, right? OK, now that you know this, let's look at some more details and how to set it up and run it.

In Microsoft terms, you can create a database that contains a preferred
level of security and then run an analysis that compares the current
configuration to the settings in the database. Again, this is simple, as
it just checks your system to verify it's locked down and hardened.
Security Configuration and Analysis includes the following features:

Security Templates

Security Configuration and Analysis

Secedit command-line command

To analyze the security configuration of your computer, you must perform the following two steps:

Create the security database by using a security template.

Compare the computer security analysis to the database settings.

In this article we will look at these steps in great detail so that you
completely know how to run this tool and get your security analysis
information.

Create the Security Database

Let's look at the steps required to create the initial security
database. We still need to connect the Security Configuration and
Analysis tool, so let's look at finishing that up.

In figure 3, you can see that once you open up a new MMC, you will have
the option to add snap-ins. To do this, go to the MMC's File menu
and select the Add/Remove Snap-In… option.

Figure 3

Once it is opened, click the Add button to bring up the dialog box in figure 4, where you can add your analysis tool.

Figure 4

Once you open the Add Standalone Snap-in dialog box, you can select the
Security Configuration and Analysis tool as seen in figure 4. Next,
highlight it and click Add. Nothing will visibly happen, so click Close,
and then you will see in Figure 5 that the Security Configuration and
Analysis tool has been added and is ready to use. Click OK; this will
bring you back to the MMC.

Figure 5

Figure 6 shows you the snap-in added and ready to use. Directions are
provided in the contents pane of the MMC. To create a database to use,
you need to right-click the Security Configuration and Analysis tool and
select Open Database… as seen in figure 6.

Figure 6

Once you open the database, you will be shown the Open Database dialog box as seen in figure 7.

Figure 7

As you see in figure 7, I name logs and databases so that I can
refer back to them intelligently, so here I simply use the date the
database was created. Once you are done, click Open, and this will
bring up Figure 8.

Figure 8

Figure 8 shows the security template that will be applied against your
current configuration. In this instance, I selected securedc.inf
because I want to check security on my Domain Controller. Once you
select the right template, click Open.

Note: You do not have to select 'Clear this database before
importing' because there are no entries in the database yet! If there
were, you could select this so that the database is cleared first.

Now, you have just set up your MMC to run the Security Configuration
and Analysis tool against your DC with the securedc.inf security
template. Now that your database has been completed, this is where the
analysis phase comes in.

Analyze System Security

Now that you have made the database, you need to analyze the system to
populate it with all the information you will use to assess the
security posture of your Windows Server 2003 system.

To compare system security with the settings in the security database,
follow these steps: In the left pane, right-click Security
Configuration and Analysis, and then click Analyze Computer Now as seen
in figure 9.

Figure 9

Once you kick off the analysis, you will be prompted with a location
for the security log. Note the location of the error log file, and then
click OK.

Figure 10

Figure 11 shows you the process of the scan; it should not take more than a minute or two to perform this scan.

Figure 11

Once you have completed your scan, you will be presented with what
looks like figure 12. Figure 12 shows the analysis that was done
hierarchically.

Figure 12

Now, we need to dig into the analysis to see what we need to do.
Although it will take you a while to sift through all the information,
let's go over what you are looking at so you can read the
analysis and work through what it is telling you.

Figure 13 shows you the Security Options in the MMC. There are quite a
few symbols shown to you, and if you are to analyze this properly, you
will need to know what they stand for.

Figure 13

Table 1 gives you the explanations for the symbols you see:

Table 1

| Symbol | Explanation |
| --- | --- |
| Red X | The entry is defined in the analysis database and on the system, but the security setting values do not match |
| Green check mark | The entry is defined in the analysis database and on the system, and the setting values match |
| Question mark | The entry is not defined in the analysis database and was not analyzed. If an entry is not analyzed, the entry may not be defined in the analysis database, or the user who is running the analysis may not have permissions to perform analysis on a specific object or area |
| Exclamation point | The entry is defined in the analysis database, but does not exist on the actual system. For example, there may be a restricted group that is defined in the analysis database but does not actually exist on the system that you are analyzing |
| No symbol | If no symbol appears, the entry is not defined in the analysis database or on the system |

Now that you understand these entries, take a good look at figure 13
again, or look at your own analysis for your server. Figure 14 gives
another look at these symbols. There you can see question marks next
to Account lockout duration and Reset account lockout counter after;
on both, this simply means that the entry is not defined in the
analysis database and was not analyzed. You can also see a red X on
the Account lockout threshold. This means that this setting (on the
Windows Server 2003 system) does not match the one in the database and
needs to be reviewed by you. See how easy that was?

Figure 14
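
The same database creation and analysis can also be run with the secedit command-line tool listed among the features earlier. The batch file below is an added example, not part of the original article; the C:\SecAnalysis folder and file names are placeholders, the template path assumes the default templates folder, and it assumes the log marks differing settings with the word Mismatch.

```bat
@echo off
rem Added example: command-line counterpart of the MMC steps above.
rem Assumptions: run as an administrator on the server being checked;
rem WORKDIR and the file names are placeholders chosen for this example.
setlocal
set "WORKDIR=C:\SecAnalysis"
set "TEMPLATE=%SystemRoot%\security\templates\securedc.inf"
set "DB=%WORKDIR%\analysis.sdb"
set "LOG=%WORKDIR%\analysis.log"

if not exist "%TEMPLATE%" (
    echo Template not found: %TEMPLATE%
    exit /b 1
)
if not exist "%WORKDIR%" mkdir "%WORKDIR%"

rem Start from an empty database and log so that earlier runs do not mix in.
if exist "%DB%" del "%DB%"
if exist "%LOG%" del "%LOG%"

rem Import the template into the database and compare the live settings to it.
secedit /analyze /db "%DB%" /cfg "%TEMPLATE%" /log "%LOG%" /quiet
if errorlevel 1 echo secedit returned exit code %errorlevel%, check %LOG% for errors.

if not exist "%LOG%" (
    echo No log was written, so there is nothing to report.
    exit /b 1
)

rem Assumed log wording: settings that differ from the template are marked
rem "Mismatch" (the red X entries in the console). "type" is used so that a
rem Unicode log is converted before findstr reads it.
echo Settings that differ from the template:
type "%LOG%" | findstr /i /c:"Mismatch"
if errorlevel 1 echo No mismatches recorded in %LOG%
endlocal
```

The database this produces can be opened afterwards with Open Database… in the snap-in to browse the same results with the symbols from Table 1.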

Add Settings to the Database

If a setting is not contained in the database, you can add it very
easily. To do so, right-click an entry that is not defined in the
database, and then click Properties. You can see this in figure 15.
Remember, this only affects the database and the analysis. You are not
turning on any services or the like when you do this; you are just
setting the database to look at this setting as well.

Figure 15

That's it! You have successfully set up the Security Configuration and
Analysis tool, built a database, performed a scan and learned how to
alter it. Now, you can expand on this knowledge by looking through all
the settings, and you should check out whatever the Security
Configuration and Analysis tool flagged.